Hello, I was wondering if it is possible to have a sql authenticate{} section, and if so, how to define the queries? In the wiki, I find "Many people ask if they can "authenticate" users to their SQL database however the answer is "You are asking the wrong question." " So, my question is: "When doing PAP (actually EAP-TTLS/PAP, in my case), how do I check a user's cleartext User-Password against one stored in a MySQL database?" I'm currently doing this in my authenticate { } section, which uses a custom MySQL query along the lines of: SELECT ... FROM users WHERE username='%{User-Name}' AND pass = SHA2('%{User-Password}', 256) but since authentication is supposed to happen in the authenticate { } section, is there any way to move the password checking there? I don't see any indication of the authenticate{} group in sql.conf or sql/mysql/dialup.conf. Thanks, Jason Antman